System and method for generating an identification based on a public key of an asymmetric key pair

ABSTRACT

Aspects of the disclosure provide a method. The method includes generating an identification based on a public key of an asymmetric key pair for a device, including the identification into an information unit to identify the device as a source of the information unit and transmitting the information unit.

INCORPORATION BY REFERENCE

This present disclosure claims the benefit of U.S. Provisional Application No. 61/610,902, “KEY CENTRIC IDENTITY” filed on Mar. 14, 2012, which is incorporated herein by reference in its entirety.

BACKGROUND

The background description provided herein is for the purpose of generally presenting the context of the disclosure. Work of the presently named inventors, to the extent the work is described in this background section, as well as aspects of the description that may not otherwise qualify as prior art at the time of filing, are neither expressly nor impliedly admitted as prior art against the present disclosure.

In a wireless network, such as a wireless local area network (LAN), information is often transmitted via electromagnetic waves in the air. Because of the broadcast nature of the electromagnetic waves, the wireless network needs to apply security approaches, such as authentication, data privacy, and the like, to protect the wireless network and the information transmitted within the wireless network.

SUMMARY

Aspects of the disclosure provide a method. The method includes generating an identification based on a public key of an asymmetric key pair for a device, including the identification into an information unit to identify the device as a source of the information unit and transmitting the information unit.

To generate the identification based on the public key of the asymmetric key pair for the device, in an embodiment, the method includes truncating the public key to generate the identification. In another embodiment, the method includes hashing the public key to generate the identification. In an example, the method includes performing a hash function on the public key with a variable parameter to generate the identification. Further, the method includes varying a value of the parameter, and performing the hash function on the public key with the varied parameter to generate another identification.

To include the identification into the information unit as the source of the information unit, in an embodiment, the method includes including the identification into a media access control (MAC) frame to identify the device as the source of the MAC frame. In an example, the method includes including the identification into an address field in the MAC frame.

Additionally, in an example, the method includes generating another identification based on the public key for the device when a collision of the identification is detected.

Further, in an embodiment, to include the identification into the information unit to identify the device as the source of the information unit, the method includes including the identification as an address in a protocol. In an example, the method includes including a truncated version of the identification as the address, such as a 802.11 local address.

Aspects of the disclosure provide an apparatus that includes a storage medium, a processing circuit and a transmitting circuit. The storage medium is configured to store an asymmetric key pair. The processing circuit is configured to generate an identification based on a public key of the asymmetric key pair and include the identification into an information unit to identify the apparatus as a source of the information unit. The transmitting circuit is configured to transmit the information unit.

Aspects of the disclosure provide a method that includes receiving by a first device an information unit from a second device, processing the information unit to obtain an identification in a field of the information unit that is generated based on a public key of the second device, and identifying the second device based on the identification.

Aspects of the disclosure also provide an apparatus that includes a receiving circuit and a processing circuit. The receiving circuit is configured to receive an information unit from another apparatus. The processing circuit is configured to process the information unit to obtain an identification in a field of the information unit that is generated based on a public key of the other apparatus, and identify the other apparatus based on the identification.

BRIEF DESCRIPTION OF THE DRAWINGS

Various embodiments of this disclosure that are proposed as examples will be described in detail with reference to the following figures, wherein like numerals reference like elements, and wherein:

FIG. 1 shows a block diagram of a system example 100 according to an embodiment of the disclosure;

FIG. 2 shows an example of a media access control (MAC) frame according to an embodiment of the disclosure;

FIG. 3 shows a flow chart outlining a process example 300 according to an embodiment of the disclosure; and

FIG. 4 shows a flow chart outlining a process example 400 according to an embodiment of the disclosure.

DETAILED DESCRIPTION OF EMBODIMENTS

FIG. 1 shows a block diagram of a system example 100 according to an embodiment of the disclosure. The system 100 includes a first device 110 and a second device 150 in communication. The two devices 110 and 150 use public key based identifications to conduct the communication in a secure manner.

According to an aspect of the disclosure, the system 100 is a wireless communication system in which the first device 110 and the second device 150 communicate via electromagnetic waves in the air. For example, the first device 110 and the second device 150 respectively include components, such as transmitting circuit (not shown), receiving circuit (not shown), antenna (not shown), and the like, that are configured to enable transmitting and receiving information carried by electromagnetic waves. The first device 110 and the second device 120 can be any suitable device, such as a desktop computer, a laptop computer, a hand-held computer, a personal digital assistant, a tablet computer, a cell phone, an access point, a camera, a printer, a router, a modem, a television, and the like. In an embodiment, the first device 110 and the second device 150 are wireless local area network (WLAN) products that are configured to comply with a suitable Institute of Electrical and Electronics Engineers (IEEE) 802.11 standard.

According to an aspect of the disclosure, the first device 110 and the second device 150 communicate directly and use public key based device-to-device authentication.

Specifically, in the FIG. 1 example, the first device 110 stores a pair of asymmetric keys 111, such as a public key A and a private key A, in a suitable storage medium. The private key A is stored in a protected manner that is only available to the first device 110. The public key A can be distributed publicly. Similarly, the second device 150 stores a pair of asymmetric keys 151, such as a public key B and a private key B, in a suitable storage medium. The private key B is stored in a protected manner that is only available to the second device 150, and the public key B can be distributed publicly.

Generally, asymmetric keys are used for asymmetric key cryptography (public key cryptography). The private and public keys in each asymmetric key pair are different but linked. One key is used to encrypt a plaintext into a ciphertext, and the other key can be used to decrypt the ciphertext back to the plaintext. For example, when the public key is used to encrypt a plaintext into a ciphertext, the private key can be used to decrypt the ciphertext back to the plaintext; and when the private key is used to encrypt a plaintext into a ciphertext, the public key can be used to decrypt the ciphertext back to the plaintext.

According to an aspect of the disclosure, the respective public keys for the first device 110 and the second device 150 are used to generate identifiers for identifying the first device 110 and the second device 150. In an example, each public key includes a relatively large number of bits, such as in the range of 120 to 160 binary bits, that are randomly or pseudo randomly generated, and thus a public key for a key holder is generally considered to be unique, and can be used for identification purpose.

According to an embodiment of the disclosure, the identification can be generated with a reduced number of bits compared to the public key to simplify processing. In an example, the public key is truncated to generate the identification. In another example, a hash algorithm, such as a secure hash algorithm (SHA), and the like, is used to generate the public key based identification.

It is noted that multiple identifications can be generated based on the same public key. In an example, a 160-bit public key is truncated into three identifications that each has 46 bits. In another example, a hash algorithm includes a variable parameter. When the value of the parameter changes, the hash algorithm generates different hashing results.

Further, in the FIG. 1 example, the identification is included into an information unit to be transmitted, such as a media access control (MAC) frame, to authenticate the source of the information unit. Specifically, the first device 110 includes a processing circuit 120 configured to process outgoing information units and incoming information units. The processing circuit 120 includes any suitable circuits, such as a processor, logic circuits, memory, registers, and the like. In an example, a processor executes software instructions to perform a hash algorithm. In another example, the hash algorithm is implemented by logic circuits.

Further, the processing circuit 120 includes a MAC processing circuit 130 configured to process MAC frames, such as form an outgoing MAC frame, extract fields of an incoming MAC frame, and the like.

In an example, the processing unit 120 generates an identification ID-A based on the public key A, and then the MAC processing circuit 130 forms an MAC frame 115 to include the identification ID-A into a specific field, such as an address field in the MAC header of the MAC frame 115. The MAC frame 115 can be further processed by other circuits of the processing circuit 120 and can be transmitted by a transmitting circuit and an antenna as electromagnetic waves in the air.

Further, the first device 110 receives incoming information units and processes the incoming information units. In an example, a receiving circuit and an antenna construct an incoming MAC frame in response to electromagnetic waves in the air. The MAC processing circuit 130 examines the specific field in the MAC header of the MAC frame. Based on the value at the specific field, the first device 110 determines whether the incoming MAC frame is from the second device 150. For example, when the value at the specific field matches an entry of an internal database of the first device 110 that corresponds to the second device 150, the first device 110 authenticates that the incoming MAC frame is formed by the second device 150 and further processes the MAC frame accordingly. When the first device 110 does not recognize the value at the specific field of the incoming MAC frame, the MAC frame is dropped in an example.

Similarly, the second device 150 includes a processing circuit 160 configured to process outgoing information and incoming information. The processing circuit 160 also utilizes certain components that are identical or equivalent to those used in the processing circuit 110; the description of these components has been provided above and will be omitted here for clarity purposes.

It is noted that, in an example, the first device 110 and the second device 150 are acquainted devices. For example, the first device 110 has an entry in its internal database holding an identification for the second device 150, and the second device 150 has an entry in its internal database holding an identification for the first device 110. The first device 110 and the second device 150 can get acquainted by any suitable technique, such as via a central management technique, via peer-to-peer communication, and the like.

According to an embodiment of the disclosure, an information unit, such as the MAC frame 115 or the MAC frame 155, can be a multicast frame or a broadcast frame. In an example, a multicast group shares, for example, an asymmetric key pair. The public key of the shared asymmetric key pair can be used to generate an identification for the multicast group. The identification can be included in a field of a MAC frame, such as an address field of the MAC frame, to identify the multicast group as the receiving group of the MAC frame.

According to an embodiment of the disclosure, multiple identifications can be generated to avoid collisions. In an example, due to the reduced number of bits in an identification, collisions may happen. In an example, the first device 110 generates multiple identifications based on the same public key A. When a collision is detected for one identification, another identification can be used.

According to an aspect of the disclosure, the public key based identification technique can be suitably modified to provide privacy protection. In an example, the first device 110 uses a hash algorithm having a parameter varying with time to generate the identification ID-A based on the public key A. Thus, the identification ID-A varies with time. Because the first device 110 and the second device 150 are acquainted devices, the second device 150 can still recognize the first device 110 based on the identification ID-A in incoming MAC frames. However, a third party 199, which can be a malicious party, is not able to track the first device 110, for example, by monitoring identifications.

According to another aspect of the disclosure, the public key based identification can be used in a network access control application. In an example, the second device 150 is an access point connected to a network 101. The network 101 includes a server 102 for access control. The second device 150 then performs authentication of the first device 110 based on the public key based identification. When the first device 110 is identified, the public key of the first device 110 is provided to the server 102 for access control. Thus, in an example, the network 101 does not require a secure server for holding secrets.

According to another aspect of the disclosure, the public key based identification can be used in a service discovery application. In an example, the body portion of the MAC frame 115 includes a query of a specific service that the first device 110 looks for. In another example, the body portion of the MAC frame 115 includes one or more services that the first device 110 provides.

FIG. 2 shows an example of a media access control (MAC) frame according to an embodiment of the disclosure. The MAC frame includes several portions, such as a MAC header, a frame body, and a frame check sequence (FCS). The MAC header includes various fields, such as a frame control field, a duration identification (ID) field, four address fields (ADDR1, ADDR2, ADDR3 and ADDR4), a sequence control field, and a quality of service (QOS) field.

According to an embodiment of the disclosure, one of the address fields holds a public key based identification. In an example, a hash function is used to generate an identification of 46 bits based on a public key. The hash function can include other suitable parameters, such as a parameter N. In an example, N is a nonce that is randomly or pseudo randomly generated. In another example, N is a sequence number. The 46 bits of identification and two other bits are then stored in, for example, the ADDR2 field that includes a total of 6 bytes (48 bits).

According to an aspect of the disclosure, in a multicast or a broadcast application, one of the address fields can hold an identification for a multicast group or a broadcast group. The identification can be generated based on a public key of a shared asymmetric key pair of the multicast group in an example.

According to another aspect of the disclosure, in a service discovery application, the frame body includes a query of a specific service, and/or a specific service that can be provided by the source device of the MAC frame.

FIG. 3 shows a flow chart outlining a process example 300 according to an embodiment of the disclosure. The process 300 is performed by a device, such as the first device 110 to form and transmit an MAC frame, such as the MAC frame 115. The process starts at S301 and proceeds to S310.

At S310, the first device 110 stores the asymmetric key pair 111 including the public key A and the private key A. The private key A is stored in a secure manner, and the public key A can be distributed publicly. The asymmetric key pair 111 is used in public key cryptography. In addition, because each public key includes a relatively large number of bits, such as in the range of 120 to 160 bits, that are randomly or pseudo randomly generated, the public key is generally considered to be unique, and can be used for identification purpose.

At S320, the first device 110 generates an identification ID-A based on the public key A. In an example, the processing circuit 120 truncates the public key A to generate the ID-A. In another example, the processing circuit 120 executes a hash algorithm to generate the ID-A. The ID-A has a reduced number of bits compared to the public key. In an example, the ID-A has 46 bits. The reduced number of bits can simplify ID-A processing.

At S330, the first device 110 includes the identification ID-A into a field of an MAC frame. In an example, the MAC processing circuit 130 forms the MAC frame 115 and includes the ID-A into an address field in the MAC header of the MAC frame 115.

At S340, the first device 110 transmits the MAC frame. For example, the first device 110 includes a transmitting circuit (not shown) and an antenna (not shown). The transmitting circuit and the antenna transmit the MAC frame 115 as electromagnetic waves in the air. Then, the process proceeds to S399 and terminates.

FIG. 4 shows a flow chart outlining a process example 400 according to an embodiment of the disclosure. The process 400 is performed by a device, such as the second device 150 to receive an MAC frame. The process starts at S401 and proceeds to S410.

At S410, the second device 150 receives an MAC frame from another device. In an example, the second device 150 includes an antenna (not shown), and a receiving circuit (not shown). The antenna and the receiving circuit reconstruct the MAC frame 115 transmitted by the first device 110 in response to the electromagnetic waves in the air.

At S420, the second device 150 processes the MAC frame to obtain an identification that is generated based on a public key of the other device. In an example, the MAC processing circuit 170 processes the MAC frame, and extracts a value in an address field of the MAC frame.

At S430, the second device 150 authenticates the other device based on the identification. In an example, the first device 110 and the second device 150 are acquainted devices. The second device 150 keeps information, such as identification ID-A, public key A, and the like, of the first device 110 in an entry within an internal database. The second device 150 looks up the extracted value in the internal database. When the extracted value corresponds to the entry of the first device 110, the second device 150 determines that the first device 110 is the source device of the received MAC frame, and processes the received MAC frame accordingly.

However, when the extracted value does not correspond to any entry of the internal database, in an embodiment, a new entry in the internal database is created to learn more information about the source of the MAC frame. In another embodiment, the MAC frame is dropped for processing when the source of the MAC frame is not identified. Then, the process proceeds to S499 and terminates.
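An added example, not part of the original disclosure: steps S320 to S430 in Python, covering the 46-bit hashed identification packed into a 6-byte address field, a time-varying parameter, collision retry, and lookup by an acquainted receiver. SHA-256 as the hash, the parameter N built from an epoch counter plus a retry counter, the reading of the "two other bits" as the IEEE 802 locally-administered and group bits, all function and constant names, and the sample keys are assumptions made for this example.

```python
import hashlib

ID_BITS = 46       # identification width given in the text
MAX_ATTEMPTS = 4   # assumed bound on collision retries
SKEW = 1           # assumed tolerated clock skew, in epochs


def derive_id(public_key: bytes, epoch: int, attempt: int = 0) -> int:
    """Hash the public key with variable parameter N = (epoch, attempt)."""
    n = epoch.to_bytes(8, "big") + bytes([attempt])
    digest = hashlib.sha256(public_key + n).digest()
    # Keep the top 46 bits of the first 48 bits of the digest.
    return int.from_bytes(digest[:6], "big") >> (48 - ID_BITS)


def to_addr(ident: int, group: bool = False) -> bytes:
    """Pack the 46-bit ID plus two flag bits into a 6-byte address field."""
    if ident < 0 or ident >> ID_BITS:
        raise ValueError("identification must fit in 46 bits")
    # Assumption: the "two other bits" are the IEEE 802 flag bits in the
    # first octet: 0x02 = locally administered, 0x01 = group address.
    flags = 0x02 | (0x01 if group else 0x00)
    first = ((ident >> 40) << 2) | flags
    return bytes([first]) + (ident & ((1 << 40) - 1)).to_bytes(5, "big")


def from_addr(addr: bytes) -> int:
    """Recover the 46-bit ID from a 6-byte address field (S420)."""
    if len(addr) != 6:
        raise ValueError("address field must be 6 bytes")
    return ((addr[0] >> 2) << 40) | int.from_bytes(addr[1:], "big")


def pick_address(public_key: bytes, epoch: int, in_use: set) -> bytes:
    """Sender side: vary the parameter until the address does not collide."""
    for attempt in range(MAX_ATTEMPTS):
        addr = to_addr(derive_id(public_key, epoch, attempt))
        if addr not in in_use:
            return addr
    raise RuntimeError("no collision-free identification found")


def identify(addr: bytes, acquainted: dict, epoch: int):
    """Receiver side (S430): name of the acquainted sender, or None to drop."""
    if len(addr) != 6 or addr[0] & 0x03 != 0x02:
        return None  # not a locally administered unicast address
    ident = from_addr(addr)
    for name, public_key in acquainted.items():
        for e in range(max(0, epoch - SKEW), epoch + SKEW + 1):
            for attempt in range(MAX_ATTEMPTS):
                if derive_id(public_key, e, attempt) == ident:
                    return name
    return None


# Constructed sample keys (160-bit stand-ins, not real public keys).
PUB_A = bytes(range(1, 21))
PUB_B = bytes(range(101, 121))
ACQUAINTED = {"device-110": PUB_A, "device-150": PUB_B}

if __name__ == "__main__":
    epoch = 1000  # e.g. int(time.time()) // 600 for a 10-minute rotation
    addr = pick_address(PUB_A, epoch, in_use=set())
    print(addr.hex(":"), "->", identify(addr, ACQUAINTED, epoch))
    print(pick_address(PUB_A, epoch + 1, set()).hex(":"), "(next epoch)")
```

A match here shows only that the sender could compute the identification from public key A and the current parameter; it does not by itself prove possession of private key A.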

While aspects of the present disclosure have been described in conjunction with the specific embodiments thereof that are proposed as examples, alternatives, modifications, and variations to the examples may be made. Accordingly, embodiments as set forth herein are intended to be illustrative and not limiting. There are changes that may be made without departing from the scope of the claims set forth below.

What is claimed is:
1. A method comprising: generating an identification based on a public key of an asymmetric key pair for a first device by using a hash function with a variable parameter that varies over time; varying a value of the parameter; performing the hash function on the public key with the varied parameter to generate another identification; including the identification into information unit to identify the first device as a source of the information unit; including a specific service that the first device is requesting or providing in the information unit; transmitting the information unit from the first device; receiving the information unit at a second device; authenticating the first device based on the identification included in the received information unit; and generating another identification based on the public key for the device when a collision of the identification is detected.

2. The method of claim 1, wherein generating the identification based on the public key of the asymmetric key pair for the device further comprises at least one of: truncating the public key to generate the identification; and hashing the public key to generate the identification.

3. The method of claim 1, wherein including the identification into the information unit as the source of the information unit further comprises: including the identification into a media access control (MAC) frame to identify the device as the source of the MAC frame.

4. The method of claim 3, wherein including the identification into the MAC frame to identify the device as the source of the MAC frame further comprises: including the identification into an address field in the MAC frame.

5. The method of claim 1, wherein including the identification into the information unit to identify the device as the source of the information unit comprises: including the identification as an address in a protocol.

6. The method of claim 5, wherein including the identification as address in the protocol further comprises: including a truncated version of the identification as the address.

7. The method of claim 6, wherein including the truncated version of the identification as the address further comprises: including the truncated version of the identification as a 802.11 local address.

8. An apparatus, comprising: a storage medium configured to store an asymmetric key pair; and a processing circuit configured to generate an identification based on a public key of the asymmetric key pair by using a hash function with a variable parameter that varies over time, vary a value of the parameter to perform the hash function on the public key with the varied parameter to generate another identification, include the identification into information unit to identify the apparatus as a source of the information unit, and include a specific service that the first device is requesting or providing in the information unit; and a transmitting circuit configured to transmit the information unit, so that a second apparatus can authenticate the apparatus based on the identification included in the transmitted information unit, wherein the processing circuit is configured to generate another identification based on the public key when a collision of the identification is detected.

9. The apparatus of claim 8, wherein the processing circuit is configured to generate the identification by at least one of truncating the public key to generate the identification, and hashing the public key to generate the identification.

10. The apparatus of claim 8, wherein the processing circuit is configured to include the identification into a media access control (MAC) frame.

11. The apparatus of claim 10, wherein the processing circuit is configured to include the identification into an address field in the MAC frame.

12. The apparatus of claim 8, wherein the processing circuit is configured to include the identification as an address in a protocol.

13. The apparatus of claim 12, wherein the processing circuit is configured to include a truncated version of the identification as the address.

14. The apparatus of claim 13, wherein the processing circuit is configured to include the truncated version of the identification as an 802.11 local address.